[Xen-changelog] [xen stable-4.9] fuzz/x86_emulate: clear errors after each iteration
commit a8377a38217025d969100241bc29d4ee20cbcf14
Author: George Dunlap <george.dunlap@xxxxxxxxxx>
AuthorDate: Tue Oct 24 16:13:22 2017 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Oct 24 16:13:22 2017 +0200

    fuzz/x86_emulate: clear errors after each iteration

    Once feof() returns true for a stream, it will continue to return true
    for that stream until clearerr() is called (or the stream is closed and
    re-opened).

    In llvm-clang-fast-mode, the same file descriptor is used for each
    iteration of the loop, meaning that the "Input too large" check was
    broken -- feof() would return true even if the fread() hadn't hit the
    end of the file. The result is that AFL generates testcases of
    arbitrary size.

    Fix this by clearing the error after each iteration.

    Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

    fuzz/x86_emulate: Clear errors in the officially sanctioned way

    Commit 849a1f10c9 was checked in inappropriately; review flagged up
    that clearerr() was too big a hammer, as it would clear both the EOF
    flag and stream errors. Stream errors shouldn't be cleared; we only
    want the EOF and other stream-related state reset. To do this, it is
    sufficient to fseek() to zero.

    Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx>
    Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: 849a1f10c937ce0782db95b85da391a49317c49e
    master date: 2017-10-09 16:04:11 +0200
    master commit: cf72cfb0c8513c3f83dc9541312b12e7325f5c02
    master date: 2017-10-11 23:35:21 +0100
---
 tools/fuzz/x86_instruction_emulator/afl-harness.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tools/fuzz/x86_instruction_emulator/afl-harness.c b/tools/fuzz/x86_instruction_emulator/afl-harness.c
index 1548693..31ae1da 100644
--- a/tools/fuzz/x86_instruction_emulator/afl-harness.c
+++ b/tools/fuzz/x86_instruction_emulator/afl-harness.c
@@ -77,6 +77,17 @@ int main(int argc, char **argv) exit(-1); } } +#ifdef __AFL_HAVE_MANUAL_CONTROL + else + { + /* + * This will ensure we're dealing with a clean stream + * state after the afl-fuzz process messes with the open + * file handle. + */ + fseek(fp, 0, SEEK_SET); + } +#endif size = fread(input, 1, INPUT_SIZE, fp); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.9 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
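Review bot: the return value of `fseek(fp, 0, SEEK_SET)` in the new `else` branch is never checked, so if the seek fails (for instance when `fp` is not backed by a seekable file) the EOF indicator stays set and the "Input too large" check silently falls back to the broken behaviour this patch is meant to fix. The surrounding code already bails out with `exit(-1)` on its error path, so treating a failed seek the same way would be consistent, e.g. `if ( fseek(fp, 0, SEEK_SET) != 0 ) { perror("fseek"); exit(-1); }`. A brief comment noting that this `else` is only compiled under `__AFL_HAVE_MANUAL_CONTROL` and binds to the `if` whose closing brace precedes it would also help, since a later edit to that `if` could silently change which branch the seek belongs to.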